Ch 7 Flashcards
When evaluating a cloud service provider’s data security measures, a company would appropriately consider each of the following risk factors, except
A.
The provider’s vertical scalability. (43%)
B.
The provider’s third-party suppliers. (26%)
C.
The provider’s multi-tenant architecture. (14%)
D.
The provider’s cloud-of-cloud agreements
A
Cloud computing allows organizations to use the Internet to access and use services and applications that run on remote third-party technology infrastructure (eg, Spotify, YouTube). Cloud deployment models—particularly those that host a software application (eg, Software as a Service [SaaS]) or provide systems that host multiple software applications (ie, Platform as a Service [PaaS])—may share physical assets (eg, servers, network hardware) and virtual assets (eg, operating systems, application software) among many clients.
This sharing of assets is referred to as multi-tenant architecture. Unauthorized access by the other tenants and confidentiality of data, data integrity, and service availability are key areas of risk for consumers using cloud service providers (Choice C).
Cloud service providers commonly rely on third-party suppliers for a variety of services and assets, including hosting software, cloud-provided application software, equipment, and connectivity. Security vulnerabilities in third-party-supplied assets, such as out-of-date firmware or compromised third-party software, are also a major area of risk for customers (Choice B).
In cloud-of-cloud (ie, multicloud) agreements, a business creates a cloud comprising several cloud service providers, which has similar security risks to those in a single cloud service provider environment (Choice D)
In a cloud computing setting, vertical scalability refers to the ability of a service provider to increase the computer resources (eg, processing power, storage capacity, network bandwidth) available to a hosted product and has no direct bearing on cloud computing risk.
Things to remember:
When evaluating a cloud service provider’s data security measures, a company should consider risk factors such as the provider’s third-party suppliers, multi-tenant architecture, and cloud-of-cloud agreements.
